Accepted libspring-ldap-java 1.3.1.RELEASE-4+deb7u1 (source all) into oldoldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 19 Nov 2017 17:48:15 +0100
Source: libspring-ldap-java
Binary: libspring-ldap-java libspring-ldap-java-doc
Architecture: source all
Version: 1.3.1.RELEASE-4+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
libspring-ldap-java - Java library for simpler LDAP programming
libspring-ldap-java-doc - documentation for libspring-ldap-java
Changes:
libspring-ldap-java (1.3.1.RELEASE-4+deb7u1) wheezy-security; urgency=high
.
* Non-maintainer upload by the LTS team.
* Fix CVE-2017-8028:
Tobias Schneider discovered that Spring-LDAP would allow authentication
with an arbitrary password when the username is correct, no additional
attributes are bound and when using LDAP BindAuthenticator with
DefaultTlsDirContextAuthenticationStrategy as the authentication strategy
and setting userSearch. This occurs because some LDAP vendors require an
explicit operation for the LDAP bind to take effect.
Checksums-Sha1:
6f3e20103eea424884e8035ceb7780e4bcff930d 2701 libspring-ldap-java_1.3.1.RELEASE-4+deb7u1.dsc
0123f243a74b0229c955236cd4dfc0c30a770bd1 499426 libspring-ldap-java_1.3.1.RELEASE.orig.tar.gz
57ddd1605ca3c559da2f95afee1883e300bc1937 12098 libspring-ldap-java_1.3.1.RELEASE-4+deb7u1.debian.tar.gz
1322ac092e9de1385355be142c72ee1f43c44a98 212310 libspring-ldap-java_1.3.1.RELEASE-4+deb7u1_all.deb
3dc41cc1a2de1485bab79a6959a9343806673873 632632 libspring-ldap-java-doc_1.3.1.RELEASE-4+deb7u1_all.deb
Checksums-Sha256:
05dbba94695ffa136ea351d7e5e64dfab5b999dca8a625c64f790f9dd14a0340 2701 libspring-ldap-java_1.3.1.RELEASE-4+deb7u1.dsc
6ea8451b08bb2b7258de625ddad8444adadefe0b7dcab5eb6346e8fa089bfe16 499426 libspring-ldap-java_1.3.1.RELEASE.orig.tar.gz
94a5fcbbe069064f2132dcd6b989d383a12008ce2f7887d7a083aaf1b6de4c59 12098 libspring-ldap-java_1.3.1.RELEASE-4+deb7u1.debian.tar.gz
ab7e236ec3a657b1c6f523571a2f4ae76d932d60a99934a08ed421c9fae402dc 212310 libspring-ldap-java_1.3.1.RELEASE-4+deb7u1_all.deb
d2d858ae855a6591fbda3af3531e0d2fb3be8ea647e70c102a9189e7e4a3a817 632632 libspring-ldap-java-doc_1.3.1.RELEASE-4+deb7u1_all.deb
Files:
f8cf9b7b3676c729fac23d064ee9532f 2701 java optional libspring-ldap-java_1.3.1.RELEASE-4+deb7u1.dsc
84d455f39590fedfc9e5a1c3bc13f3f7 499426 java optional libspring-ldap-java_1.3.1.RELEASE.orig.tar.gz
78bb1f016fe5d54e089dd31fa36e07e7 12098 java optional libspring-ldap-java_1.3.1.RELEASE-4+deb7u1.debian.tar.gz
28a268401a08aa72e96e88f32bdc9dac 212310 java optional libspring-ldap-java_1.3.1.RELEASE-4+deb7u1_all.deb
d97c0322dc13f50117532b939a816a09 632632 doc optional libspring-ldap-java-doc_1.3.1.RELEASE-4+deb7u1_all.deb
-----BEGIN PGP SIGNATURE-----
iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAloRuOhfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkhsYP/1nKT6RqRRjBSUmc+CaoB5M7fFw1jCrXmOMG
Uwnmge7DWyyCOGaWuOJuesoYtJitIPIAqQ9NkEfTui5qv8zhKB5TN8P3PhygARUx
cTtgJiNEntExEZxbKvbl8y8J5lvFmw6+DZpUB/ElJtt1w/jCk7hXeyRPtFviXgwe
VreqFLE/fA2hJ46U6BN+uSdU4J1QIwazro7tNUGs2tktEt5czW0yL8/ExPNrtNwd
uEqxxJImFxCPDL1894VLMKb1ktidtMjLNpXttzLG9Ecn+nDeWJaLgrMqgfkIKk8L
uGz3YpuN1gXCaVHyw4y3cu9NSw4l8MaKDiNfENfs0EG8xIWqTXCeSjIOOtwJgnPK
WkiYqpEKsSlIF3lvTdxUx6sq7hngR8+4RDmDD+0A512MZ2P0D8qA7EBYPSY0stol
IhABbZOuQT6GEPtSbhuyOyiSEDAjFVvoo4KpvO+tMJffLXp+cERWCYxc5f0hzuxs
XvxyGQGMiDPhRyMjrstqZYo4CfAn32KuMSD5xJ4hFtRJPji0Ch9zOJadZRqRlIt1
jSqp+TeXa5Zt+NNIYHNx1iT2GRkAQjkRRYWoYo53d686CYmNOqVNluJSTekme4Bi
XCECe8MzRPxSh7046xyxwPMtls81LrPEmjfiHj1ywVTWc81Sg+5+XhUE6pMBM5LY
tKvftcuM
=7S4j
-----END PGP SIGNATURE-----
Reply to: